On Thu, Jan 10, 2019 at 12:05:32AM +0100, David Kozub wrote:
> On Mon, 7 Jan 2019, Stefan Hajnoczi wrote:
>
> > QEMU supports LUKS encrypted disk images so no new code is needed for
> > the actual encryption.
>
> Thanks for the feedback, Stefan. I know very little about qemu internals (I
> looked around a bit). One issue is: OPAL needs some persistent data outside
> of the actual user-visible data. How does that fit in with storage in QEMU?
> Perhaps the implementation could just occupy a fixed size of the associated
> storage for the OPAL state.

See block/crypto.c for the LUKS block driver. Perhaps OPAL needs to do
something similar (OPAL state + LUKS).

> > > Or, just a pass-through to a block device in the host - but a pass-through
> > > that would allow OPAL commands.
> >
> > You can pass through a storage controller using PCI passthrough or you
> > can pass through a SCSI LUN, but there is no ATA passthrough.
>
> I currently don't have a usable box for PCI passthrough. I'm thinking that
> ATA passthrough could be generally usable for any fiddling and perhaps not
> too difficult to implement.
>
> If I understand QEMU sources correctly, this needs to touch hw/ide/core.c
> (ide_exec_cmd), either adding a layer for OPAL, or just forwarding ATA
> commands for pass-through. Right?

Yes.

Stefan